Abstract

In this paper, we develop a flexible electronic payment protocol for internet purchases. In this new protocol, from the viewpoint of banks, consumers can improve anonymity if they are worried about disclosure of their identities. An agent provides a higher anonymous certificate and improves the security of the consumers. The agent certifies re-encrypted data after verifying the validity of the content from consumers, but with no private information of the consumers required. With this new method, each consumer can get the required anonymity level, depending on the available time, computation and cost.
We use role-based access control (RBAC) to manage the new payment scheme. Each user may be assigned one or more roles, and each role can be assigned one or more privileges that are permitted to users in that role. When a role is granted to a user, this role may be in conflict with other roles of the user or together with this role; the user may have or derive a high level of authority. To solve this problem, the relationship of the roles in the scheme is analysed. Finally, comparisons with other related work are discussed.